Git issue #5009 Asset cache can lead to denial of service if asset database is deleted -Fix

SudhanshuBawane commented 5 months ago

Closed #5009

Description

The change is regarding the denial of service from agent when asset.db gets deleted due to some external scenario. Which creates a DOS as SHA contains the some reference to the previous asset.db and hence forth the new one does not get created properly.

Change in behavior

To prevent the DOS of the agent in above scenario and keep the agent working properly. For new asset.db creation.

Added

The new cleanUp function for cleaning up the SHA dir from cache to prevent a DOS in case of asset.db deletion.
Added the test to check all scenarios.

Changed

The expandWithDuration function in boltdb_manager has been changed a little for the cleanUp function support.

Fixed

This fixes the DOS in agent in case of asset database is deleted.

Change verification

The changes can be verified not only by the test cases but also by checking the same behavior. That is delete the asset.db and make note of it's size. Then re-run the agent and it will run without populating error file exits and asset.db get recreated with same size.

fguimond commented 4 months ago

A couple of minor things but looks good otherwise!

fguimond commented 4 months ago

Don't forget to add a changelog entry.

SudhanshuBawane commented 3 months ago

Please add a test that shows that the boltdb manager now exhibits correct behaviour when the asset.db has been deleted

SudhanshuBawane commented 3 months ago

Please add a test that shows that the boltdb manager now exhibits correct behaviour when the asset.db has been deleted

May I know what kind of behavior is expected like what I need to check ?

sensu / sensu-go